
Going Ghost Guide- Thwart Tracking, Profiling, and Identifying

Discussion in 'Black Hat SEO' started by maxsaint, Feb 24, 2014.

  1. maxsaint

    maxsaint Registered Member

    Joined:
    Nov 20, 2012
    Messages:
    70
    Likes Received:
    21
    Hola!,
    This is my first attempt to contribute something to the community. Basically you can find everything I write here somewhere else on the web or in some book - but exactly that is the problem. So I went through the best resources I could find and typed up this little guide. These settings will help to encrypt your machine, prevent identifying, fingerprinting, and most importantly Google tracking.

    With a lot of the blackhatting that we're doing, I think it's really helpful to make your machine as close to invisible as possible when online.


    * For those not wanting to use Firefox, there is an alternative called Iceweasel. The same settings, configurations and plugins are cross compatible. Iceweasel is simply a rebranded version of Firefox. Download link: www[dot]sourceforge[dot]net/projects/iw4win/

    Firefox Preferences:
    Go to Firefox preferences and change these settings:
    [Some of these are defaults already - Some of them may disable images / scripts]

    Code:
     "General"->"when Firefox starts"->"Show a blank page"
    "General"->"save files to:"Downloads"
    "Content"->check:"Block pop-up windows"
    "Content"->uncheck:"Enable JavaScript" [optional - NoScript Add-on will block it anyway]
    "Content"->"Fonts & Colors"->"Advanced"->"Serif":"Liberation Sans"
    "Content"->"Fonts & Colors"->"Advanced"->"Sans-serif":"Liberation Sans"
    "Content"->"Fonts & Colors"->"Advanced"->uncheck:"Allow pages to choose their own fonts"
    "Content"->"Languages"->choose *only*:"en-us" [remove all others, if any]
    "Applications"->choose:"Always ask" for every application - if not possible:choose:"Preview in Firefox/Nightly"
    "Privacy"->"Tracking"->check:"Tell websites I do not want to be tracked"
    "privacy"->"History"->"Firefox will:"Use custom settings for history"
    "privacy"->"History"->uncheck:"Always use private browsing mode"
    "privacy"->"History"->uncheck:"Remember my browsing and download history"
    "privacy"->"History"->uncheck:"Remember search and form history"
    "privacy"->"History"->uncheck:"Accept cookies from sites"
    "privacy"->"History"->uncheck:"Accept third-party cookies"
    "privacy"->"History"->check:"Clear history when Firefox/Nightly closes"
    "privacy"->"History"->"settings":check all -> except:"Site Preferences"
    [to enable cookies for certain trusted sites: use:"Exceptions" and paste  URL of site and modify settings according to your preference. If you  additionally use Cookie-Monster (Add-on) you need to uncheck "Block all  cookies" in CM-Options]
    "privacy"->"location bar"->"When using the location bar,   suggest:"->choose:"Nothing"
    "security"->check:"Warn me when sites try to install add-ons"
    "security"->check:"Block reported attack sites"
    "security"->check:"Block reported web forgeries"
    "security"->"Passwords"->uncheck:"Remember passwords for sites"
    "security"->"Passwords"->uncheck:"Use a master password"
    "advanced"->"General"->"System Defaults"->uncheck:"Submit crash reports"
    "advanced"->"General"->"System Defaults"->uncheck:"Submit performance data"
    "advanced"->"Update"->check:"Automatically install updates"
    "advanced"->"Update"->check:"Warn me if this will disable any of my add-ons"
    "advanced"->"Update"->check:"Automatically update Search Engines"
    "advanced"->"Encryption"->"Protocols"->check:"Use SSL 3.0"
    "advanced"->"Encryption"->"Protocols"->check:"Use TLS 1.0"
    "advanced"->"Encryption"->"Certificates"->"When a server  requests my personal certificate"->check:"Ask me every time"
    
    About Config

    Open up another window in Firefox, type in "about:config" and click through the warning message. From here type a variable name such as "browser.cache.disk.enable" into the search bar, and double click on the name to change the setting.

    Code:
    ---disable browser cache:
    browser.cache.disk.enable:false 
    browser.cache.disk_cache_ssl:false 
    browser.cache.offline.enable:false 
    browser.cache.memory.enable:false 
    browser.cache.disk.capacity:0 
    browser.cache.disk.smart_size.enabled:false
    browser.cache.disk.smart_size.first_run:false
    browser.cache.offline.capacity:0
    dom.storage.default_quota:0
    dom.storage.enabled:false
    dom.indexedDB.enabled:false
    dom.battery.enabled:false
    
    ---disable history & localization
    browser.search.suggest.enabled:false
    browser.sessionstore.resume_from_crash:false
    geo.enabled:false
    
    ---misc other tweaks:
    keyword.enabled:false
    network.dns.disablePrefetch:true -> very important if using TOR
    network.dns.disablePrefetchFromHTTPS:true -> very important when using TOR
    geo.enabled: false > turns off your geographical location
    dom.disable_window_open_feature.menubar:true
    dom.disable_window_open_feature.personalbar:true
    dom.disable_window_open_feature.scrollbars:true
    dom.disable_window_open_feature.toolbar:true
    browser.identity.ssl_domain_display:1
    browser.urlbar.autocomplete.enabled:false
    browser.urlbar.trimURL:false
    privacy.sanitize.sanitizeOnShutdown:true
    network.http.sendSecureXSiteReferrer:false
    network.http.spdy.enabled:false ---> use http instead of google's spdy
    plugins.click_to_play:true ---> also check each drop-down-menu under "preferences"->"content"
    security.enable_tls_session_tickets:false ---> disable https-tracking
    security.ssl.enable_false_start:true ---> disable https-tracking
    extensions.blocklist.enabled:false ---> disable Mozilla's option to block/disable your addons remotely
    webgl.disabled:true ---> disable WebGL
    network.websocket.enabled:false ---> ***Tor Users: This is extremely important as it could blow your cover!
    
    ---make your browsing faster:
    network.http.pipelining:true
    network.http.pipelining.ssl:true
    network.http.proxy.pipelining:true
    network.http.max-persistent-connections-per-proxy:10
    network.http.max-persistent-connections-per-server:10
    network.http.max-connections-per-server:15
    network.http.pipelining.maxrequests:15
    network.http.redirection-limit:5
    network.dns.disableIPv6:true
    network.http.fast-fallback-to-IPv4:false 
    dom.popup_maximum:10
    network.prefetch-next:false
    browser.backspace_action:0
    browser.sessionstore.max_tabs_undo:5
    browser.sessionhistory.max_entries:5
    browser.sessionstore.max_windows_undo:1
    browser.sessionstore.max_resumed_crashes:0
    browser.sessionhistory.max_total_viewers:0 
     
    • Thanks Thanks x 5
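
A quick way to check which of the about:config values from the post above are actually in effect in a profile. This is an added example, not part of the original post: it parses the `user_pref("name", value);` lines of a profile's `prefs.js` and compares them with a subset of the listed values. The `WANTED` subset and the sample file contents are constructed for illustration.

```python
import re

# Subset of the about:config values listed in the post above.
WANTED = {
    "browser.cache.disk.enable": False,
    "browser.cache.disk.capacity": 0,
    "geo.enabled": False,
    "network.dns.disablePrefetch": True,
    "webgl.disabled": True,
    "network.websocket.enabled": False,
    "general.platform.override": "Win32",
}

# One pref per line: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_value(raw):
    """Convert a prefs.js literal into bool, int or str."""
    if raw in ("true", "false"):
        return raw == "true"
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    raise ValueError(f"unrecognised pref value: {raw!r}")

def parse_prefs(text):
    """Return {name: value}; comment lines are skipped, later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = parse_value(m.group(2))
    return prefs

def audit(text, wanted=WANTED):
    """Classify every wanted pref as 'ok', 'mismatch (...)' or 'not set'."""
    found = parse_prefs(text)
    report = {}
    for name, want in wanted.items():
        if name not in found:
            # prefs.js only stores values changed from the default, so the
            # browser default applies here; check it by hand in about:config.
            report[name] = "not set"
        elif type(found[name]) is type(want) and found[name] == want:
            report[name] = "ok"
        else:
            # The type check keeps false and 0 from comparing equal.
            report[name] = f"mismatch (found {found[name]!r})"
    return report

# Constructed sample of a prefs.js file.
SAMPLE_PREFS = """\
// Mozilla User Preferences
user_pref("browser.cache.disk.enable", false);
user_pref("browser.cache.disk.capacity", 358400);
user_pref("geo.enabled", false);
user_pref("webgl.disabled", true);
user_pref("general.platform.override", "Win32");
user_pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20100101 Firefox/10.0");
"""

if __name__ == "__main__":
    for name, status in audit(SAMPLE_PREFS).items():
        print(f"{name:32} {status}")
```
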
  2. maxsaint

    Prevent Browser Fingerprinting [still in about:config]


    For all Firefox Versions after 17.0 [you should be using current versions and update them regularly anyway - to do this go to "preferences"->"advanced"->"update" select: "automatically install updates" & "warn me if this will disable any of my addons"]
    For the following changes right-click anywhere in about:config and select "new"-> "string" and enter in this order:



    Code:
    Variable:                      Value:

    general.useragent.override     Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20100101 Firefox/10.0
    general.appname.override       Netscape
    general.appversion.override    5.0 (Windows)
    general.oscpu.override         Windows NT 6.1
    general.platform.override      Win32
    general.productSub.override    20100101
    general.buildID.override       0
    general.useragent.vendor       [enter variable - but leave value blank]
    general.useragent.vendorSub    [enter variable - but leave value blank]
    intl.accept_languages          en-us,en;q=0.5
    network.http.accept.default    text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    network.http.accept-encoding   gzip, deflate


    This creates a fake-profile of your browser via the HTTP-headers it sends.
    Check out @ https://panopticlick.eff[dot]org/
    With all the above settings I get 8.1 bits of identifying information at Panopticlick for my browser - which is really good.
    Considering:
    "In particular, a fingerprint that carries no more than 15-20 bits of identifying information will in almost all cases be sufficient to uniquely identify a particular browser, given its IP address, its subnet, or even just its Autonomous System Number."
    Source: https://panopticlick.eff.org/browser-uniqueness.pdf > page 3







    Search Engines
    https://www.duckduckgo.com/ - view privacy policy: http://donttrack.us/
    https://www.ixquick.com/ Metasearch engine (alltheweb, bing, digg, etc). Has an option to open search results via anonymous proxy
    https://www.startpage.com/ (a mirror of ixquick)
    https://privatelee.qrobe.it/ Bing and Google search results without the tracking
    http://www.yauba.com/ Option to open search results via anonymous proxy
    To add search engines to the firefox search bar have a look here: http://mycroft.mozdev.org/
     
    • Thanks Thanks x 3
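
The arithmetic behind a "bits of identifying information" figure such as the 8.1 bits quoted in the post above, as an added example that is not part of the original post. It computes the surprisal of a fingerprint within a sample of browsers; the 16-browser population and the attribute labels are constructed for illustration and are not Panopticlick data.

```python
import math
from collections import Counter

def surprisal_bits(value, observed):
    """Identifying information of `value` in bits: -log2(share of the sample)."""
    counts = Counter(observed)
    if counts[value] == 0:
        raise ValueError("value does not occur in the sample")
    return -math.log2(counts[value] / len(observed))

def one_in(bits):
    """A fingerprint carrying `bits` bits is shared by one in 2**bits browsers."""
    return 2 ** bits

def report(mine, population):
    """Return (bits per attribute, bits of the combined fingerprint)."""
    per_attr = {k: surprisal_bits(mine[k], [b[k] for b in population])
                for k in mine}
    key = lambda b: tuple(sorted(b.items()))
    combined = surprisal_bits(key(mine), [key(b) for b in population])
    return per_attr, combined

def _browsers(n, ua, lang, fonts):
    return [dict(ua=ua, lang=lang, fonts=fonts)] * n

# Constructed population of 16 browsers.
POPULATION = (
    _browsers(8, "Firefox/10.0; Windows NT 6.1", "en-us", "fixed")
    + _browsers(4, "Firefox/10.0; Windows NT 6.1", "en-us", "page-chosen")
    + _browsers(2, "Firefox/27.0; Linux", "de", "page-chosen")
    + _browsers(1, "Firefox/27.0; Linux", "en-us", "fixed")
    + _browsers(1, "Chrome/33; Mac", "fr", "page-chosen")
)

SPOOFED = POPULATION[0]    # the common profile: shared by 8 of 16
RARE = POPULATION[-1]      # a configuration nobody else in the sample has

if __name__ == "__main__":
    per_attr, combined = report(SPOOFED, POPULATION)
    for name, bits in per_attr.items():
        print(f"{name:6} {bits:.2f} bits")
    # Attributes are correlated, so adding the per-attribute figures
    # overstates the total; the combined fingerprint is what counts.
    print(f"sum of attributes {sum(per_attr.values()):.2f} bits")
    print(f"combined          {combined:.2f} bits")
    print(f"rare browser      {report(RARE, POPULATION)[1]:.2f} bits")
    print(f"8.1 bits -> one in {one_in(8.1):.0f} browsers")
    print(f"15 bits  -> one in {one_in(15):.0f} browsers")
```
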
  3. maxsaint

    Temporary and anonymous email addresses
    http://10minutemail.com/
    http://anonymouse.org/anonemail.html
    http://www.dispostable.com/
    http://www.sendanonymousemail.net/
    https://www.silentsender.com/

    https://addons.mozilla.org/en-US/firefox/addon/bloody-vikings/
    https://countermail.com/
    Bitmessage is also very good for secure anonymous email. With Bitmessage Webmail you can also receive emails from normal users & use it with Thunderbird.

    https://bitmessage.org/wiki/Main_Page


    OpenMailBox.org - secure email

    Alternatives to Gmail:

    Zoho
    GMX
    Mail.com
    HUSHMAIL

    Be careful with lavabit & hushmail

    Although I don't think that hushmail is that bad, i.e. not worse than other big providers. Sure, they have been handing data over at request but since they aren't US-based they at least aren't involved with NSLs etc. At least that's a possibility. Anyhow, not the prime choice if you feel you need to have a more private e-mail experience.

    Personal Recommendation

    What I did was used one of my existing domain names that I wasn't using. I hooked it up to Thunderbird and downloaded a theme. Next I installed some addons:

    Adblock Plus

    Lightning - a calendar

    Remove / Disable Google Calendar

    United States English Spell Checker

    Thunderbird Conversations - threaded inline conversations


    Enigmail - security extension, you will have to install The GNU Privacy Guard which does most of the work.
    https://www.enigmail.net/documentation/quickstart-ch1.php#id2532629

    Personal Level Indicators - Once installed, it lets you know if a message was sent to you or groups of people. Similar to gmail- has indicator icons ">>" next to your messages. This doesn't take up any space.


    Send Later - lets you compose a message and send it later.

    Firefox Plugins


    Empty Cache Button [optional]

    Calomel SSL Validation [cool little addon which does exactly what its name says and also has some more tweaks in the settings]

    Adblock Edge

    [---> Filter Subscriptions: make sure you get some anti-tracking filters up and running! (depending on location & internet use)]
    Easylist
    EasyPrivacy
    fanboy-adblock
    Fanboy's Tracking List
    Fanboy's Annoyance List
    [---]
    BetterPrivacy [LSO/Flash-Cookie-Protection]
    Cookie Monster [Allows you to Manage your Cookie-Policies. For less baggage use Firefox/Iceweasel "Preferences" -> "Privacy"]

    HTTPS-Everywhere [Download via EFF.org] [settings: enable SSL-Observatory but don't allow to transmit ISP-data]
    HTTPS Finder
    NoScript [go to "settings" and check "also apply on whitelisted sites"]
    Perspectives [SSL-Certificate-Control - go to settings: "notary servers" -> check "only contact when websites cause security error"]
    RefControl [controls your HTTP-Referers - setting: "block" -> "3rd parties only"]
    Request Policy [rejects cross-site requests]
    FoxyProxy [a convenient Proxy Switcher]
    Web Developer [Has some cool features. If you like inspecting websites just chec


    The Firefox add-on 'For Human Eyes Only'

    "For Human Eyes Only is a Firefox plugin that lets you post in a way that prevents computers from analysing your messages. The plugin converts your messages into images in a way that makes it hard for computers to extract your message, while genuine humans can still read it. Your messages are hosted on a server of your choice - you can even run your own hosting service. Supported versions are Firefox 4 and above."

    https://addons.mozilla.org/en-US/firefo ... -learnmore

    ****Ghostery
    This is not needed if you're using Adblock along with the filters. It actually does a much better job, and is less resource heavy on your computer.
    Also if you do add this onto your browser, do not enable the option to send data back to Ghostery, and remember to manually configure the block settings. Downloading the app in whatever browser sometimes doesn't automatically block trackers. It simply notifies you when there's a tracker on the webpage.

    ---------------------------------------------------

    Avoid using

    Hide My IP & Hide my ass

    SSL-Blacklist doesn't seem to be available much longer.

    Showip Some users over at mozilla.org suspect this addon to be spyware.
    BrowserProtect The same with this one.
    priv3 Although trustworthy, it's unnecessary when using Adblock with anti-tracking filters.
    ---------------------------------------------------
    If you use Google services like gmail or blogger for example always log out once you are finished with that service.
    Then use BetterPrivacy and have it set to delete all flash cookies when the browser shuts down. It adds two seconds to the browsers shutdown time, but imho it's the better solution.
    One nice thing I found, is apparently even if you have several mozilla browsers running, they must use the same multimedia folder, if you clear that folder in one, flash cookies are gone from all of them.



    Proxy Servers
    I have not yet written anything about proxy-servers. In short: Don't ever use them.

    There is a long and a short explanation. The short one can be summarized as follows:

    - Proxy-servers often send X-headers containing your actual IP-address. The service you are then communicating with will receive a header looking like this:

    Code:
    
    X-Forwarded-For: client, proxy1, proxy2
    
    This will tell the server you are connecting to that you are connecting to him via a proxy which is fetching data on behalf of... you!

    - Proxy servers are infested with malware - which will turn your pc into a zombie within a botnet - snooping out all your critical login data for email, banks and you name it.

    - Proxy servers can read - and modify - all your traffic. When skilled enough sometimes even circumventing SSL.

    - Proxy servers can track you.

    - Most proxy servers are run by either criminals or intelligence agencies / google


    VPN (Virtual Private Network)

    I'm sure most of you have heard / are using this but I recommend possibly setting up a VPN

    If you don't know what a VPN is or how it works - check out this video.

    Still not convinced? Then read what lifehacker has to say about it.

    Once you've decided that you actually want to use a VPN you need to find a trustworthy provider. Go here to get started with that.

    Only use services that offer OpenVPN. Basically all the other protocols aren't that secure. Or at least they can't compare to OpenVPN.

    Choose the most trustworthy service you find out there and be paranoid about it.

    A trustworthy service doesn't keep logs. If you choose a VPN, read the complete FAQ, their Privacy Policy and the Terms of Service. Check where they're located and check local privacy laws. And: Don't tell people on the internet which service you are using.

    You can get yourself a second VPN account with a different provider you access through a VM.
    That way VPN#1 only knows your IP-address but not the content of your communication and VPN#2 knows the content but not your IP-address.

    Don't try to use a free VPN. Remember: If you're not paying for it - you are the product.
     
    • Thanks Thanks x 2
    Last edited: Feb 24, 2014
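
What a receiving server can read from the `X-Forwarded-For` header described in the post above, as an added example that is not part of the original post. Given the headers of one request, it reports whether a proxy announced itself and whether a known client address appears in them. Besides `X-Forwarded-For` it also reads `Forwarded` (RFC 7239), `Via` and `X-Real-IP`, which goes beyond the single header the post shows; all addresses are constructed and come from documentation ranges.

```python
import ipaddress
import re

PROXY_HEADERS = {"x-forwarded-for", "forwarded", "via", "x-real-ip"}

def _to_ip(token):
    """Parse one address token; handles quotes, [v6] brackets and :port."""
    t = token.strip().strip('"')
    if t.startswith("["):              # [2001:db8::17]:4711
        t = t[1:].split("]")[0]
    elif t.count(":") == 1:            # 198.51.100.7:8080
        t = t.split(":")[0]
    try:
        return ipaddress.ip_address(t)
    except ValueError:
        return None                    # "unknown", obfuscated ids, hostnames

def disclosed_addresses(headers):
    """Return [(header name, address)] for every address the headers carry."""
    h = {k.lower(): v for k, v in headers.items()}
    out = []
    for tok in h.get("x-forwarded-for", "").split(","):
        out.append(("X-Forwarded-For", _to_ip(tok)))
    for m in re.finditer(r'for=("[^"]*"|[^;,\s]+)', h.get("forwarded", ""), re.I):
        out.append(("Forwarded", _to_ip(m.group(1))))
    if "x-real-ip" in h:
        out.append(("X-Real-IP", _to_ip(h["x-real-ip"])))
    return [(name, ip) for name, ip in out if ip is not None]

def audit_request(headers, real_ip):
    """Summarise what the request headers reveal about a client at real_ip."""
    real = ipaddress.ip_address(real_ip)
    names = {k.lower() for k in headers}
    seen = disclosed_addresses(headers)
    return {
        "proxy_disclosed": bool(names & PROXY_HEADERS),
        "real_ip_leaked_in": sorted({n for n, ip in seen if ip == real}),
    }

# Constructed request headers as a server would receive them.
FORWARDING_PROXY = {"X-Forwarded-For": "198.51.100.7, 203.0.113.10",
                    "Via": "1.1 proxy1"}
RFC7239_PROXY = {"Forwarded": 'for="[2001:db8::17]:4711";proto=https, for=203.0.113.10'}
VIA_ONLY = {"Via": "1.1 proxy1"}
NO_PROXY_HEADERS = {"User-Agent": "Mozilla/5.0"}

if __name__ == "__main__":
    print(audit_request(FORWARDING_PROXY, "198.51.100.7"))
    print(audit_request(RFC7239_PROXY, "2001:db8::17"))
    print(audit_request(VIA_ONLY, "198.51.100.7"))
    print(audit_request(NO_PROXY_HEADERS, "198.51.100.7"))
```
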
  4. maxsaint

    Passwords
    I have read a lot and used a lot of tools. One thing that amazes me is how people reuse passwords and usernames at different websites. One gets cracked and down comes the kingdom. It is important to remember that with the exception of perhaps banks most web passwords are not terribly secure and millions get stolen each year. My suggestion for anyone that is security conscious is:
    1) Create a very strong root password.
    2) Do not reuse passwords AND usernames
    3) Get Keepassx - password vault - use it and change passwords at least annually. Let it pick the passwords and set the tightest rules possible. One of the nice things about Keepassx is that it has Windows, Linux, OSX and Android versions. They can all read the same pswd file. I just carry mine on a USB stick. Take care not to get database skew.
    4) Get GPG - key generator
    5) Get Truecrypt - encrypt files, volumes etc.
    6) I heard a security researcher say the vast majority of attacks are through the UI. Minimizing the attack surface is key to strong security. Browsers are a high value target.
    The 3 tools above are pretty powerful and can secure things quite well with some common sense. I have used all three for a long time with no or minimal problems. A word of caution though. If you forget your passphrase tough luck!


    Chromium


    * Sometimes the settings that I wrote for firefox will disable images/scripts/cookies on sites that you'll need access to.
    What I recommend doing is installing another browser (NOT CHROME/ EPIC/ IRON) such as opera, or chromium, or coolnovo (aka chromeplus)


    Coolnovo ships without Google's updater, user behavior tracker, or RIZ-encoded tracker. It allows you to specify that cookies, web browsing history, and passwords be erased upon exit. And finally, it does not send you to Google by default if you mistype an address. You can also configure coolnovo to remove Google as the default search engine


    Chromium Settings under Advanced Settings:

    Disable the following:

    "Use a prediction service to help complete searches and URLs typed in the address bar". (

    "Use a web service to help resolve navigation errors"
    "Predict network actions to improve page load performance"

    "Enable Autofill to fill out web forms in a single click."
    "Offer to save passwords I enter on the web."

    Click on "customize fonts" and set fonts to "Liberation Sans"

    Set cookie settings to Only Sites you Visit. Will block a few third party tracking cookies.

    Enable "Send a ‘Do Not Track' request with your browsing traffic"

    Chromium Plugins

    Code:
    Click and clean - Cleans all history, cache,cookies and flash in a single click
    
    [URL="https://chrome.google.com/webstore/detail/kjhmfidomefgpbbebodnbakelpabilga"]A Little Privacy[/URL] - Prevents passing referrer to third parties, removes redirect trackers, resolves short URLs, and more.
    [URL="https://chrome.google.com/webstore/detail/cadbkmipeldjmjfcpcjibfjgflahmphk"]Abine TACO[/URL] - Opt-out of advertising networks
    [URL="https://chrome.google.com/webstore/detail/gighmmpiobklfepjocnamgkkbiglidom"]AdBlock[/URL] - Blocks ads all over the web.
    [URL="https://chrome.google.com/webstore/detail/cfhdojbkjhnklbpkdaibdccddilifddb"]Adblock Plus for Google Chrome™[/URL] - Blocks ads using the Firefox AdBlock Plus filter engine. Kiss ads goodbye and browse in peace!
    [URL="https://chrome.google.com/webstore/detail/ankgjoopnopeoeljehjkighfcfefalcg"]Block Mixed Content[/URL] - This extension blocks loading of insecure active content in secure (HTTPS) pages.
    [URL="https://chrome.google.com/webstore/detail/imhcbdomggfmhmaeicplciogjbfamkep"]Chrome BCExplorer BETA[/URL] - BrightCloud category and reputation info as you browse!
    [URL="https://chrome.google.com/webstore/detail/epanfjkfahimkgomnigadpkobaefekcd"]Chromeblock[/URL] - Stop secret tracking of your web browsing
    [URL="https://chrome.google.com/webstore/detail/jeoacafpbcihiomhlakheieifhpjdfeo"]Disconnect[/URL] - Stop major third parties and search engines from tracking the webpages you go to and searches you do.
    [URL="https://chrome.google.com/webstore/detail/mlomiejdfkolichcflejclcbmpeaniij"]Ghostery[/URL] - Protect your privacy. See who's tracking your web browsing with Ghostery.
    [URL="https://chrome.google.com/webstore/detail/flcpelgcagfhfoegekianiofphddckof"]KB SSL Enforcer[/URL] - Automatic security, browse encrypted.
    [URL="https://chrome.google.com/webstore/detail/hhnjdplhmcnkiecampfdgfjilccfpfoe"]Keep My Opt-Outs[/URL] - Permanently opts your browser out of online ad personalization via cookies.
    [URL="https://chrome.google.com/webstore/detail/dkpkjedlegmelkogpgamcaemgbanohip"]NOREF[/URL] - Suppress Referrer (referer) for Hyperlinks
    [URL="https://chrome.google.com/webstore/detail/odjhifogjcknibkahlpidmdajjpkkcfn"]NotScripts[/URL] - A clever extension that provides a high degree of 'NoScript' like control of javascript, iframes, and plugins on Google Chrome.
    [URL="https://chrome.google.com/webstore/detail/neafifkhibfnafkphgjgahokfkfhbdmh"]SafeBrowser[/URL] - Sends the url of the currently selected tab to Google Safe Browsing to retrieve some malware results of that domain
    [URL="https://chrome.google.com/webstore/detail/lgpkjjingioekjianemgdobchenebhek"]SaferChrome[/URL] - SaferChrome makes browsing safer by identifying and preventing security and privacy breaches.
    [URL="https://chrome.google.com/webstore/detail/loopfhgahilhlcjhdjbcilnpapbnfnnj"]Signature Check[/URL] - Allows users to check a certificate thumbprint against the SignatureCheck.org thumbprint to detect man-in-the-middle attacks that use valid signing certificates.
    [URL="https://chrome.google.com/webstore/detail/dckheglehcdhpjkdmmmghbgkcdebhhae"]SiteAdvisor for Chrome[/URL] - SiteAdvisor will give safety ratings for websites, this extension will warn you before you open threat sites.
    [URL="https://chrome.google.com/webstore/detail/cfnpidifppmenkapgihekkeednfoenal"]TrafficLight (BETA)[/URL] - Adds a strong and non-intrusive layer of security to your browsing experience
    [URL="https://chrome.google.com/webstore/detail/mjpinemnkjlppmemjfabdaelpfgfjgkj"]Unencrypted Password Warning[/URL] - Helps to prevent you from sending unencrypted passwords or credit card numbers.
    [URL="https://chrome.google.com/webstore/detail/gieohaicffldbmiilohhggbidhephnjj"]Vanilla Cookie Manager[/URL] - A Cookie Whitelist Manager that helps protect your privacy. Automatically removes unwanted cookies.
    [URL="https://chrome.google.com/webstore/detail/bhmmomiinigofkjcapegjjndpbikblnp"]WOT[/URL] - The WOT add-on is a safe surfing tool for your browser.
    
    I understand this may look choppy, and my grammar's off...but hopefully this will help you guys on your money making ventures
    cheers!
     
    • Thanks Thanks x 1
    Last edited: Feb 24, 2014
  5. TheUnborn

    TheUnborn Elite Member

    Joined:
    Feb 21, 2013
    Messages:
    3,041
    Likes Received:
    1,672
    Occupation:
    SEO Consultant
    Home Page:
    This is a goldmine share,thanks OP
     
  6. Raccon

    Raccon Regular Member

    Joined:
    Dec 18, 2010
    Messages:
    340
    Likes Received:
    74
    thanks for the share my FF is hulking dinosaur now, will try to tweak it.
     
  7. tony_d

    tony_d Elite Member

    Joined:
    Jun 22, 2013
    Messages:
    2,581
    Likes Received:
    3,164
    Location:
    1600 Amphitheatre Parkway, Mountain View CA
    Good share op, thanks!
     
  8. Mr.Whitehat

    Mr.Whitehat Senior Member

    Joined:
    Apr 23, 2009
    Messages:
    855
    Likes Received:
    220
    Occupation:
    Wandering Around !
    Location:
    Dating Moolah Babe^
    that's kinda weird u wrote about ain't it? Some yes but proxies are inevitable for blackhat usage. It isn't annoying like a vpn..
     
  9. ORJay

    ORJay Regular Member

    Joined:
    Aug 4, 2013
    Messages:
    291
    Likes Received:
    116
    Location:
    Mumbai
    If anyone hasn't checked out "super Bird " browser it is time you do- it is chrome without tracking
     
  10. Execute

    Execute Supreme Member

    Joined:
    Aug 30, 2010
    Messages:
    1,349
    Likes Received:
    5,017
    Location:
    United Kingdom
    This is a great archive of quality information, read the first post and was quite impressed with the content and it just kept coming lol. Thanks for the share!
     
    Last edited: Feb 24, 2014
  11. JustUs

    JustUs Power Member

    Joined:
    May 6, 2012
    Messages:
    609
    Likes Received:
    452
    Or....

    You can just add the material in this link to your hosts file (Warning: download page will open): http://winhelp2002.mvps.org/hosts.zip

    This is a rather long addition to the host file (>500 Mb) that will stop most adware and tracking sites by denying them access.